[CVE = Common Vulnerabilities and Exposures]
Another Second Tuesday of the month... Another Adobe Flash and Adobe AIR patch marathon!
This time we're up to Adobe Flash v126.96.36.199 and Adobe AIR v188.8.131.52, patching 35 (thirty-five) CVE security flaws.
Where to download the updates
The new Adobe Flash (and AIR) Security Bulletin
Details from the new Adobe Flash (and AIR) Security Bulletin, with added links to available CVE data!
Vulnerability Details(Note: CVEs not linked above did not have available data at Mitre.org at the time of this posting).
These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).
These updates include further hardening to a mitigation introduced in version 184.108.40.206 to defend against vector length corruptions (CVE-2015-5125).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).
These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).
These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).
No new zero-day Flash/AIR exploits have been reported at this time. However, Adobe considers these updates to be CRITICAL. Therefore, it is advised to update ASAP.